Jacuzzi Bath Remodeler Phishing Email with subject Simple Luxuries Begin Here – Upgrade Your Bathroom, Change Your Life Now!

For the record, this is a Jacuzzi Bath Remodeler storage phishing email attempt that is recently going around, with subject Simple Luxuries Begin Here – Upgrade Your Bathroom, Change Your Life Now!

What to do?  Report them, goto bottom of page. 

From: JacuzziBathRemodelPromo.com Offer <alert@northyism.com> Subject: Simple Luxuries Begin Here – Upgrade Your Bathroom, Change Your Life Now! Jacuzzi Bath Remodel TREAT YOURSELF THIS WINTER From Outdated Tub to Dream Shower in as Little as One Day™ WAIVING ALL INSTALLATION COSTS¹ PLUS No Interest and No Payments for up to One Year² Get My Free Quote Slippery tubs and old showers can be risky, especially during winter months. Jacuzzi Bath Remodel helps you create a safer, more comfortable space with low-entry, slip-resistant designs engineered for confidence and peace of mind. TUB-TO-SHOWER CONVERSIONS | SHOWERS | BATHTUBS ★★★★★ “You guys did a wonderful job I love the way it looks; it makes it look so much bigger, it's absolutely stunning” —

PHISHING LINKs;

1. https://northyism.com/i/xxxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

AmeriSave Mortgage Phishing Email with subject Harness the Power of Your Home Equity with AmeriSave's HELOC!

For the record, this is a AmeriSave Mortgage storage phishing email attempt that is recently going around, with subject Harness the Power of Your Home Equity with AmeriSave's HELOC!

What to do?  Report them, goto bottom of page. 

From: Apply.AmeriSave.com <alert@northyism.com> Subject: Harness the Power of Your Home Equity with AmeriSave's HELOC! Header Get Cash Out with a HELOC from AmeriSave AmeriSave MORTGAGE Main Message Make Your Home Equity Work For You! Calculate Your Cash Phone Screen Text AmeriSave MORTGAGE   SEE HOW MUCH CASH CAN YOU ACCESS ○ $25,000 ○ $50,000 ● $100,000 ○ $200,000 ○ $300,000 ○ $400,000 Footer Text Your home's equity is one of your most powerful financial tools. With a HELOC from AmeriSave, you can access cash without refinancing your existing mortgage. Get competitive rates, flexible terms, and a simple online process that puts you in control. Unlock Your Home's Cash Today EQUAL HOUSING OPPORTUNITY If you would no longer like to receive email advertisements from AmeriSave.com, click here or write to us at: 1200 Altmore Avenue, Building 2, Suite 300, Sandy Springs, GA, 30342. AmeriSave Mortgage Corporation, NMLS ID #1168, (www.nmlsconsumeraccess.org); Corporate Office: Toll Free (866) 970-7283, 1200 Altmore Avenue, Building 2 - Suite 300, Sandy Springs, GA 30342; Arizona Mortgage Banker License BK-0906515; Licensed by the Department of Financial Protection and Innovation under the California Residential Mortgage Lending Act; Colorado - Regulated by the Division of Real Estate. To check the license status of your mortgage loan originator, visit Delaware License #5936, expiration 12/31/26, licensed by the Office of The State Bank Commissioner; Georgia Residential Mortgage License #17177; Illinois Residential Mortgage License #MB.0006749; Kansas Licensed Mortgage Company License #MC.0001259; Massachusetts Mortgage Lender-ML-1168; Mississippi - Licensed Mortgage Company; Missouri in state licensed location 100 Chesterfield Business Parkway, First Floor, Suite 283, St. Louis, Missouri 63005; Nevada License #3676; Licensed by the New Hampshire Banking Department; Licensed by the N.J. Department of Banking and Insurance, Phone # (866) 814-2960; Licensed Mortgage Broker License No. MB.803619.000; Oregon License #ML-2676; Rhode Island: Licensed as Rhode Island Licensed Lender and Licensed Rhode Island Loan Broker; Licensed in Washington as Consumer Loan Company License #CL-1168; Also conducts business in AK, AL, AR, CT, DC, FL, HI, IA, ID, IN, KY, LA, MD, ME, MI, MO, MN, MT, NC, ND, NE, NM, OH, OK, PA, SC, SD, TN, TX, UT, VA, VT, WI, WV, WY. Not all products and options are available in all states. Terms subject to change without notice. ©2026 AmeriSave Mortgage Corporation. AmeriSave is a registered service mark of Mortgage Management Solutions LLC. AmeriSave Mortgage and the design logo are service marks of Mortgage Management Solutions LLC. See site for details. NMLS #1168. Equal housing lender.

PHISHING LINKs;

1. https://northyism.com/c/xxxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

List all windows file extensions, highlighting suspect extensions that may link to malware

Here the C# code to List all windows file extensions, highlighting suspect extensions that may link to malware.

If you need commercial license, email me. Contact as validated today,    .

Free for personal use.

Download WinExts.7z

Source Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Win32;

//*************************************************************************************************
// Fri 13-Mar-26 3:25pm EDT MetadataConsulting.ca - 
// List all Windows file extensions (.txt, etc), and flag suspicious or non‑Unicode‑safe extensions
// = Non‑ASCII characters
// = Control characters
// = Invisible characters
// = Unicode homoglyphs (e.g., Cyrillic “а” instead of Latin “a”)
// = Anything outside the normal [A–Z0–9._-] pattern
//*************************************************************************************************

namespace ListAllExtensionsinRegistry
{
    class Program
    {
        static void Main()
        {
            var all = GetAllExtensionsMatchingPowerShell();

            // Sort output
            var sorted = new List<string>(all);
            sorted.Sort(StringComparer.OrdinalIgnoreCase);

            // Determine padding width for extension column
            int maxExtLen = 0;
            foreach (var ext in sorted)
                if (ext.Length > maxExtLen)
                    maxExtLen = ext.Length;

            Console.WriteLine(
                "Extension".PadRight(maxExtLen + 2) +
                "Program".PadRight(40) +
                "FriendlyTypeName".PadRight(40) +
                "Open Command"
            );

            foreach (var ext in sorted)
            {
                bool suspicious = IsSuspicious(ext);
                string displayExt = suspicious ? ext + " *???" : ext;

                string progId = GetAssociatedProgram(ext);
                if (string.IsNullOrEmpty(progId))
                    progId = "(none)";

                string friendly = GetFriendlyTypeName(progId);
                if (string.IsNullOrEmpty(friendly))
                    friendly = "(none)";

                string openCmd = GetOpenCommand(progId);
                if (string.IsNullOrEmpty(openCmd))
                    openCmd = "(none)";

                Console.WriteLine(
                    displayExt.PadRight(maxExtLen + 3) +
                    progId.PadRight(40) +
                    friendly.PadRight(40) + " " + 
                    openCmd
                );
            }
        }

        static HashSet<string> GetAllExtensionsMatchingPowerShell()
        {
            var set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            // HKCR (merged)
            AddFromView(set, RegistryHive.ClassesRoot, RegistryView.Registry64);
            AddFromView(set, RegistryHive.ClassesRoot, RegistryView.Registry32);

            // HKLM\Software\Classes
            AddFromView(set, RegistryHive.LocalMachine, RegistryView.Registry64, @"Software\Classes");
            AddFromView(set, RegistryHive.LocalMachine, RegistryView.Registry32, @"Software\Classes");

            // HKCU\FileExts
            AddFromView(set, RegistryHive.CurrentUser, RegistryView.Registry64,
                @"Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts");
            AddFromView(set, RegistryHive.CurrentUser, RegistryView.Registry32,
                @"Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts");

            return set;
        }

        static void AddFromView(HashSet<string> set, RegistryHive hive, RegistryView view, string subKeyPath = null)
        {
            try
            {
                using (var baseKey = RegistryKey.OpenBaseKey(hive, view))
                using (var key = subKeyPath == null ? baseKey : baseKey.OpenSubKey(subKeyPath))
                {
                    if (key == null)
                        return;

                    foreach (var name in key.GetSubKeyNames())
                    {
                        try
                        {
                            if (name.StartsWith("."))
                                set.Add(name);
                        }
                        catch { }
                    }
                }
            }
            catch { }
        }

        // Lookup associated program (ProgID)
        static string GetAssociatedProgram(string ext)
        {
            try
            {
                using (var key = Registry.ClassesRoot.OpenSubKey(ext))
                {
                    if (key == null)
                        return null;

                    return key.GetValue(null) as string; // default value = ProgID
                }
            }
            catch
            {
                return null;
            }
        }

        // Lookup FriendlyTypeName
        static string GetFriendlyTypeName(string progId)
        {
            if (string.IsNullOrEmpty(progId))
                return null;

            try
            {
                using (var key = Registry.ClassesRoot.OpenSubKey(progId))
                {
                    if (key == null)
                        return null;

                    // FriendlyTypeName may be a resource string like "@shell32.dll,-12345"
                    var val = key.GetValue("FriendlyTypeName") as string;
                    if (!string.IsNullOrEmpty(val))
                        return val;

                    // Fallback: default value sometimes contains a readable name
                    var def = key.GetValue(null) as string;
                    return def;
                }
            }
            catch
            {
                return null;
            }
        }

        // Lookup open command from ProgID
        static string GetOpenCommand(string progId)
        {
            if (string.IsNullOrEmpty(progId))
                return null;

            try
            {
                using (var key = Registry.ClassesRoot.OpenSubKey(
                    progId + @"\shell\open\command"))
                {
                    if (key == null)
                        return null;

                    return key.GetValue(null) as string;
                }
            }
            catch
            {
                return null;
            }
        }

        // Detect suspicious or non-standard extensions
        static bool IsSuspicious(string ext)
        {
            if (ext == "." || string.IsNullOrEmpty(ext))
                return true;


            foreach (char c in ext)
            {
                if (c < 32 || c > 126)
                    return true;

                if (!(char.IsLetterOrDigit(c) || c == '.' || c == '_' || c == '-'))
                    return true;
            }

            return false;
        }
    }


}